b'U.S. GOVERNMENT\nPRINTING OFFICE                                                       Robert C. Tapella\nKEEPING AMERICA INFORMED                                                     Public Printer\n\n\n\n\nDecember 2,2010\n\n\nThe Honorable Charles E. Schumer\nChairman\nJoint Committee on Printing\n318 Russell Senate Office Building\nWashington, DC 20510\n\nDear Mr. Chairman:\n\nIn accordance with 44 U.S.C. 3903 and the relevant provisions of the Inspector\nGeneral Act of 1978, as amended, I am transmitting to Congress the Semiannual\nReport of the Office of the Inspector General (OIG) for the U.S. Government\nPrinting Office (GPO), covering the 6-month period of April 1 through September\n30,2010, along with the following information as required by law. This letter\nmeets my statutory obligation to provide comments on the OIG\'s report and\nhighlights management actions taken on the OIG\'s recommendations, which may\nrelate to more than one repOliing period.\n\nGeneral Comments\n\nAs provided for by law, this section offers my general comments on the OIG\'s\nsemiannual report and operations.\n\nI.        Management Challenges. In my view, the organizational and\n          technological transformation that GPO began implementing in 2003\n          remains critical to the future of GPO. To CatTY out that transfonnation\n          successhllly, in this and previous reports the OIG has identified several\n          challenges facing GPO\'s management that we are at various stages of\n          addressing.\n\n          I. Human Capital Operations and Management: Human Capital (HC)\n             operations and management continue to be top priorities at GPO.\n             During the past year, HC at GPO has undergone major changes in an\n             effort to streamline, improve, and build in accountability and quality\n             control. In addition to the reorganization of the department, we have\n             tackled major changes to Federal hiring as mandated by the Office of\n             Personnel Management (OPM). We have successfully complied with\n             the elements of the hiring reform that apply to GPO, including use of\n             categOlY rating, allowing resume and cover letter only as an initial\n             application, and we have trained all of our supervisors and managers.\n\n\n\n732 North Capitol Street, NW   Washington, DC 20401    202\xc2\xb7512-1000      rtapella@gpo.gov\n\x0cThe Honorable Charles E. Schumer - Page 2\n\n\n          We continue to automate our processes in order to improve timeliness,\n          reduce errors, and improve our quality control processes. These\n          initiatives are designed to better SUppOlt GPO\'s mission and to\n          improve our customers\' experience. We are cUlTently beginning the\n          implementation of manager self-service, a key EmpowHR module that\n          will move GPO away from paper SF-52s to an all-electronic system of\n          HC processing. We believe that these improvements to the hiring\n          process are a crucial step in overall improvement to HC management\n          at GPO.\n\n          Additionally, we are continuing planning at the strategic leveL We\n          started this year with a comprehensive workforce analysis followed by\n          a series of presentations and one-on-one meetings with business unit\n          leadership on workforce planning. We have established new HC\n          consultant positions that provide direct support to GPO managers to\n          plan for upcoming recruitment, and both our policy office and GPO\n          University are working together to issue an updated position\n          management directive and in-depth position management training\n          course as a new addition to the already robust supervisor series. These\n          efforts will also improve overall HC management at GPO.\n\n          GPO\'s Chief Operating Officer, acting Chief of Staff and the acting\n          Chief Management Officer meet weekly with the ChiefHC Officer\n          and staff to review key HC activities. HC issues are also regularly\n          discussed at the weekly meeting of all GPO senior leaders. Senior\n          managers have effectively used the recently revised performance\n          management system to achieve significant results across GPO.\n\n         We continue to be dedicated to continuous improvement. To that end,\n         building on the FYIO performance metrics, and looking forward to\n         FYII, all HC employees and managers will have specific measures of\n         accuracy and timeliness as well as customer service as part of their\n         performance plans. We are committed to furthering GPO\'s goals\n         through strategic HC management, building on the success and\n         leveraging the talent of our organization as well as critically evaluating\n         and fixing areas in need of improvement.\n\n      2. Information Technology Management and Security:\n\n             a. Compliance with the Federal Information Management\n                Security Act (FlSMA): GPO continues to make progress and\n                improve controls related to FISMA requirements. A total of 14\n                open OIG recommendations pertaining to FISMA were closed\n\x0cThe Honorable Charles E. Schumer - Page 3\n\n\n                 in the reporting period and GPO is tracking potential changes\n                 to FISMA that may occur based on draft legislative proposals\n                 that have been made recently to ensure technology and budget\n                 request plans and other resources are aligned with any changes\n                 that may be enacted.\n\n             b. Implementation a/the Federal Digital System: In the April\n                20 I 0 FDsys program review, management indicated that the\n                sunset of GPO Access would take place in a phased manner,\n                starting with the final development release ofFDsys. The\n                actual sunset activities for GPO Access will take 3 months,\n                completing the technical activities in late December 2010.\n                From a technical perspective FDsys was ready to be considered\n                the system of record on September 30, 20 I O. However, there\n                were and continue to be non-technical factors that GPO\n                leadership is considering prior to the sunset of GPO Access.\n                These mainly consist of communication activities to the end\n                users of the system and assisting them in the transition that will\n                likely extend into January. A detailed plan is being developed\n                for these critical activities.\n\n                GPO has instituted a rigorous change management and\n                configuration process for information technology projects to\n                help ensure that issues are being resolved and that we have a\n                documented baseline of the code used in production. Issues\n                identified through Program Tracking Reports (PTRs) are\n                reported and corrected based on the severity ofthe issue. The\n                Change Control Board (CCB) assesses the severity of issues\n                and designates them as such. This level of severity detelmines\n                the priority. Historically, GPO has found that new collections\n                being introduced into the system result in a large number of\n                PTRs. This seems to be largely a result of inconsistencies in\n                the legacy data set. GPO uses very high quality standards for\n                data migration, which has been a contributor to the PTR count\n                since any issue found during the migrations process was logged\n                as aPTR.\n\n                Management concurs that testing is an area that needs\n                additional attention. Over the past three years GPO has made\n                great strides in improving test and configuration management\n                areas, with the formation of the IT Quality organization.\n                Additionally, GPO has recognized that system performance\n                modeling and testing are a gap and have made good progress in\n\x0cThe Honorable Charles E. Schumer - Page 4\n\n\n                 closing this gap. In the past 6 months, in anticipation of\n                 enabling GPO\'s Continuity of Access (COA) instance, IT has\n                 conducted perfonnance testing on the COA instance as well as\n                 the production instance. Both of these instances performed\n                 well under this stress testing and revealed areas in the design\n                 and configuration where some changes will benefit the overall\n                 system perfom1ance. One of these areas is in the application\n                 server section of the system. This has been a known issue, and\n                 validated by the solution provider, Oracle. As such, IT is now\n                 upgrading to a new Oracle application server (WebLogics).\n                 GPO held off on this upgrade until Oracle was comfortable that\n                 WebLogics was ready to support FDsys.\n\n                 Additionally, during enhanced testing of system perfonnance,\n                 GPO uncovered areas outside of FDsys that required some\n                 enhancements. For example, with FDsys having a public-\n                 facing component at the legislative branch altemate computer\n                 facility (the first public facing system to be operated at the\n                 ACF), IT leamed of a need to improve GPO\'s network\n                 configuration at the ACF. These enhancements have been\n                 made and the bandwidth leading to the ACF is being increased\n                 to mirror the perfonnance of the service coming to the GPO\n                 main facility.\n\n      3. Security and Intelligent Documents: As the Federal Govemment\'s\n         leading provider of secure credentials and identity documents, Security\n         and Intelligent Documents (SID) is a business unit that exemplifies\n         GPO\'s transformation to high-technology production. During the\n         OIG\'s reporting period, SID reported the successful manufacture of\n         more than 7.7 million electronic passports for the State Department.\n         The Washington DC facility produced over 5.4 million passports while\n         the Secure Production Facility (SPF) at the Stennis Space Center, MS,\n         produced more than 2.3 million passports. During FYIO, total\n         passport production volume was 13,275,300.\n\n         SID operates the Washington, DC-based Secure Credential Center\n         (SCC) to support the Department of Homeland Security\'s Customs and\n         Border Protection (DHS/CBP) Trusted Traveler Program (TTP), as\n         well as other Federal secure ID card requirements. The SCC produced\n         199,477 Trusted Traveler cards during FYIO, as well as the\n         Department of Health and Human Services Center for Medicare and\n         Medicaid Service\'s identification cards to citizens of Puerto Rico.\n\x0cThe Honorable Charles E. Schumer - Page 5\n\n\n          In a significant accomplishment during the reporting period, SID\n          completed the celiification process for the see to become a General\n          Services Administration-certified and fully qualified secure card\n          graphical personalization facility. The sec is now officially celiified\n          to handle, graphically personalize, and distribute HSPD-12 PIV cards.\n          The audits for this certification were completed in May 20 I 0; the GSA\n          completed their assessment and certified GPO in November. This\n          celiification allows the GPO\'s sec to more comprehensively serve\n          Federal agency requirements for HSPD-12 cards and other secure\n          credentials.\n\n         During the reporting period, SID initiated new secure credential\n         programs in support of other Federal agencies, including the State\n         Department\'s Office of Foreign Missions and the Department of\n         Homeland Security. Additionally, the secure credential product line of\n         leather-bound secure flash badges for Federal law enforcement officers\n         and Inspectors General is growing. SID now supplies more than 30\n         Federal agencies with their leather bound badges.\n\n         SID continued to conduct 5S Audits at both plant locations. 5S is a\n         series of defined steps and audits that are intended to improve\n         efficiencies in manufacturing process flows, equipment usage and\n         placement, and environmental housekeeping standards.\n\n         A major milestone was accomplished in July 2010 when the Stennis\n         secure facility and SID personnel successfully completed the required\n         audits and earned their IS0900 I certification. This globally-\n         recognized certification for world class production, quality, and\n         process improvement methodologies is a substantial and well-\n         respected qualification. During the reporting period, the Washington\n         De secure facilities and SID personnel underwent the rigorous\n         IS09001 audits. In November 2010, SID was informed that they had\n         received a strong positive recommendation from the auditors to award\n         IS0900 I certification to the Washington De secure operations\n         (passport production, secure card operations, and new product\n         development) as well. Formal certification was received in late\n         November.\n\n         Additionally during the reporting period, SID completed the formal\n         training of its entire workforce at both facilities in the subjects and\n         concepts that are foundations of OHSAS (Occupational Health and\n         Safety Systems) 18001. The OHSAS 18001 standards promote\n\x0cThe Honorable Charles E. Schumer - Page 6\n\n\n          industry best-practices for occupational health and safety standards\n          and programs in a production environment.\n\n          SID is also working to develop the capability to manufacture secure\n          blank card bodies through the procurement of card lamination and\n          punch equipment and technologies that will result in more secure and\n          controlled card production as well as lower costs and better service to\n          our agency customers. Card lamination and punch equipment was\n          delivered to SID in September 20 I 0 and the process of installation,\n          standard operating procedure development, and operator training is\n          underway. SID capability to manufacture secure blank card bodies is\n          expected to be operational in FYII.\n\n          SID is working closely with Plant Operations to establish a Secure\n          Credential Testing Laboratory to conduct regular performance,\n          durability, and quality tests of passports and credential products. The\n          lab will eliminate costly third party commercial test laboratory\n          expenses for these required product evaluations and provide an\n          environment of greater governmental control and security for these\n          activities. The secure facilities are presently under construction,\n          equipment is on order, and personnel are being trained to support this\n          crucial secure product testing environment. The Secure Credential\n          Testing Laboratory is expected to be operational in FYI!.\n\n          GPO, in cooperation with the State Department\'s Bureau of Consular\n          Affairs, issued a Request for Proposal in June 20 I 0 for the\n          procurement of eCovers used in the manufacturing of passports. The\n          proposed eCovers will be compatible with existing GPO\n          manufacturing and DOS passport personalization processes, and will\n          be required to meet various external requirements and standards,\n          including those of the International Civil Aviation Organization\n          (ICAO) and the ISO.\n\n      4. Internal Controls: Management concurred with KPMG\'s FY09\n         financial statement audit findings and continues to recognize the\n         importance of internal control over financial reporting. Specific\n         monthly measures have been implemented to properly record and\n         review propetiy, plant and equipment records, and new Oracle-based\n         repotis are near completion which will enable a more timely and\n         accurate reconciliation of both accounts payable and GPO\'s deposit\n         accounts. Supervisory review procedures are now in effect to help\n         reduce the risk of any further cash flow statement misclassifications.\n\x0cThe Honorable Charles E. Schumer - Page 7\n\n\n          During the reporting period, SID and associated organizations\n          implemented actions to address the recommendations ofthe OIG\'s\n          review of GPO\'s e-passport supply chain security.\n\n          GPO\'s Oracle financial system (GBIS) went live in May 2009. At that\n          time, GPO decided to standardize its repoliing environment using the\n          business intelligence tool Business Objects. Since that time,\n          approximately 118 repOlis have been developed to bring visibility to\n          all aspects of the data stored in GBIS. These reports, readily available\n          in public folders, are being used to ensure a consistent look at the\n          financial data and provide the ability to evaluate and address\n          deficiencies.\n\n          During the past year, GPO has added processes to address IT general\n          and application controls. Security access controls have been addressed\n          by examining all roles and responsibilities and bringing them under\n          configuration management oversight. Assignmen *t of personnel to\n          roles has been put under the control ofIT Security and officers within\n          Financial Management. Developers\' access to the Production instance\n          of GBIS has been removed. All new development, modifications, and\n          testing are being controlled by the GPO Configuration Management\n          section. To address contingency planning, a secure VPN has been\n          established at GPO\'s COOP site with the hosted Oracle On Demand\n          environment in Austin, TX.\n\n      5. Protection of Sensitive Information: As recommended in a February\n         2009 Management Implication Report, a senior manager was\n         appointed as Privacy Officer (PO). Subsequently, GPO hired a\n         Privacy Program Manager (PPM) to implement rules of conduct and\n         appropriate administrative, technical, and physical safeguards to\n         ensure personally identifiable infonnation (PH) is identified and\n         protected within all GPO business units and with GPO contractors as\n         well. The PPM structured a Privacy Incident Response Team (PIRT)\n         and incident reporting process to investigate and respond to incidents\n         containing PH. These actions were completed by the end of FY 2010.\n\n         GPO\'s Privacy Program fosters transparency and individual\n         participation regarding how GPO uses PH responsibly to fulfill its\n         mission. Working with GPO\'s business units, the PPM is targeting for\n         completion, by the end of calendar year 20 I 0, privacy threshold\n         analyses (PTAs), which will provide an overview ofPII collection and\n         retention practices, as well as behaviors in handling of PIr. The PPM\n         is currently working with GPO business units to implement behavior\n\x0cThe Honorable Charles E. Schumer - Page 8\n\n\n          changes and privacy protections to ensure that the collection and use\n          of PH is limited to the scope ofthe authorized activities, and that PH\n          functions integrate all relevant privacy protections. The PPM is\n          implementing Privacy Impact Assessments (PIAs) and, if required,\n          System of Records Notices (SORNs) that embody the collaborative\n          efforts of program management, technical, legal, and appropriate IT\n          security safeguards to reduce and/or remove PH usage to minimum\n          required levels. The completion of the compliance documentation is\n          critical and requires analysis, recommendations, and approvals. These\n          activities are to be completed by all business units by middle of the\n          third quarter of FY 20 II.\n\n          In addition, the PPM is working with GPO Employee Communications\n          Office on developing a fiJll communication strategy and with GPO\n          University to develop a training curriculum for all GPO employees and\n          contractors on their responsibilities for protecting PH and complying\n          with established guidelines. These steps are to be completed by the\n          end ofFY 2011. The PPM also submitted a request GPO\'s IT services\n          to provide an evaluation of a privacy online incident reporting website\n          to be completed by the second quarter of FY 20 II.\n\n          GPO\'s IT area provides technical support and analysis to the PH\n          protection effort, including input on GPO\'s PH directive and technical\n          assessments, (using software tools, of all GPO network attached\n          storage systems for unprotected PI!. IT plans to continue the periodic\n          assessments of GPO IT systems to detect unprotected PH data going\n          forward, in accordance with GPO policies and procedures.\n\n      6. Acquisitions and Print Procurement: The acquisition fimction\n         assessment report is still ongoing in Acquisitions. We have contracted\n         with the Procurement Strategy Board to assist us with the assessment.\n         The goal was to have the assessment completed by the end of the\n         reporting period, however, while developing the assessment\n         procedures more time was required to fully develop. The assessment\n         objectives are being finalized and should be launched and completed\n         by second quarter FY 20 II. In addition, the issue of contract file\n         information required by the Materials Management Acquisition\n         Regulation (MMAR) was addressed in the responses to the e-Passport\n         audit and we continue to place emphasis on effective contract\n         administration of all contracts. Finally, GPO\'s financial area is\n         reviewing the provisions of the Improper Payments Elimination\n         Improvement Act as signed into law on July 22, 20 I 0, to determined\n         actions to be taken by GPO.\n\x0cThe Honorable Charles E. Schumer - Page 9\n\n\n      7. Financial Management and Pelformance: GPO\'s GBIS Oracle\n         financial system went live in May 2009. At that time, GPO decided to\n         standardize its repOliing environment using the business intelligence\n         tool Business Objects. Since that time, approximately 118 repOlis have\n         been developed to bring visibility to all aspects of the data stored in\n         GBIS. These reports, readily available in public folders, are being\n         used to ensure a consistent look at the financial data and provide the\n         ability to evaluate and address deficiencies. Deficiencies with the\n         design and/or operations of GPO\'s IT general and application controls\n         were noted in security management, access controls, configuration\n         management, and contingency planning.\n\n      8. Continuity ojOperations: In September 2010, GPO\'s Business\n         Continuity Office completed a COOP multi-year strategic plan\n         outlining the agency\'s goals and objectives to ensure complete support\n         of its mission essential functions. The three main goals of the plan are\n         to establish all-hazards mobile capabilities, complete business unit\n         COOP plans, and establish, update and implement COOP policies and\n         directives. The plan was presented to and approved by the GPO\n         operating committee. It was then presented to staff of the Committee\n         on House Administration. The COOP multi-year strategic plan serves\n         as a roadmap for COOP planning, tests, training, and exercises. The\n         following represent significant COOP capability improvements and\n         exercises during FY 2010:\n\n          In another development, GPO assembled House and Senate fly-away\n          kits to support the Enrolled Bill process. The kits are to support\n          enrolled and engrossed printing at an alternate chamber and are\n          composed of cases, printers, paper, cables, and other supplies. There\n          is a kit for Senate and a kit for the House; each kit consists of three\n          cases. The kits can be used at ad hoc COOP sites as needed.\n\n          GPO is also completing Continuity of Access (COA) activities to\n          ensure unintelTupted public access to gpo.gov and FDsys.\n\n          During the reporting period, GPO conducted two successful exercises.\n          The July 2010 House alternate chamber exercise completed all\n          objectives to test notification systems for key staff, demonstrate onsite\n          printing of enrolled/engrossed bills, validate fly-away kit contents,\n          manuscript scanning conducted with file transfer via air card, simulate\n          high-volume delivety of product to alternate site, simulate manuscript\n          pick up from the alternate site, and receive electronic transfer of\n          introduced Bill via FTP at the ACF. The October 2010 congressional\n\x0cThe Honorable Charles E. Schumer - Page 10\n\n\n          products exercise tested composition (across 3 shifts) for the\n          Congressional Record, committee report with graphics, bills, and\n          calendar. It also tested OCR scanning, public\' access posting to FDsys,\n          printing procurement using GPO contracts, and file Transfer to the\n          LOC and commercial vendors.\n\n      9. Strategic Vision and Customer Service: Business units across GPO\n         continue to align to changing customer requirements in support of new\n         technologies and transparency initiatives throughout the Government.\n         E-book publishing services in the Publications and Information Sales\n         unit, new security card products in the Security and Intelligent\n         Documents unit, and continuously expanded digital content offered on\n         the FDsys platform are some of many examples. In keeping with\n         elements ofthe May 2010 draft update to the Strategic Vision, GPO is\n         making significant strides to improve a customer service and new\n         business development culture. In Print Procurement, a simplified SF-I\n         form was introduced along with a system to automatically notify\n         customers of order receipt via email. Simplified and automated\n         workflows have dramatically reduced errors and process time as well.\n         Newly-Oappointed directors of sales and marketing have gained\n         traction in the new Agency Accounts and Marketing business unit, as\n         evidenced by over $16 million of new business generated over the past\n         12 months by the National Account Manager team. During this time\n         the marketing team organized and held over 50 presentations\n         throughout the United States to introduce GPO services to Federal\n         agency customers.\n\n      10. Sustainable Environmental Stewardship: GPO\'s goal of environ-\n          mental sustainability and stewardship is a continuous improvement\n          initiative throughout the agency. GPO\'s Environmental Advisory\n          Committee is continually evaluating and identifying creative ways to\n          improve sustainability effolis in recycling, procurement, and energy\n          efficiency that ultimately reduce GHG emissions. In calendar year\n          2009, the most recent period for which complete figures are available,\n          GPO\'s waste reduction activities successfully divelied 4,702 tons of\n          waste from the landfill, representing recyclables directed to recycling,\n          reuse, and compost facilities.\n\n         Internally, GPO\'s office recycling programs collect mixed paper, cans,\n         and bottles for recycling, and all paper, chemical, and metal waste\n         from operations is evaluated and recycled if possible. In 2009, GPO\n         redirected 87.5% of the waste steam to non-landfill uses. In\n         conjunction with the Architect of the Capitol, GPO began feasibility\n\x0cThe Honorable Charles E. Schumer - Page 11\n\n\n           and cost studies for composting cafeteria waste and use of\n           compostable containers and utensils. GPO is testing and evaluating a\n           comprehensive group of office and off-set paper options with higher\n           recycled content, more sustainable manufacturing processes, and lower\n           chemical environmental impact to offer to its customers. GPO\'s roof\n           replacement project, which was completed in spring 20 I 0, contracted\n           for approximately 100,000 square feet of Energy Star-rated and bio-\n           based products. The contract also required recycling of old materials\n           removed from the roof when possible.\n\n           GPO continues to recognize economies of scale in purchasing and\n           working with legislative branch partners. GPO\'s Environmental\n           Services is developing chemical inventory systems and working with\n           Acquisitions to review waste hauling contracts to benefits to the\n           Agency. GPO is also improving infrastructure performance by\n           retrofitting the steam system to improve efficiency and prioritize\n           projects identified in a 2008 PEPCO Energy Survey Report-to reduce\n           energy consumption and improve equipment and infrastructure to\n           reduce energy costs. GPO will continue working on environmental\n           stewardship and energy efficiency projects to improve the results.\n\nII. Audits and Inspections. During the reporting period, the OIG issued 3 new\n    audit and assessment reports, with recommendations to help improve\n    operational perfornlance:\n\n   \xe2\x80\xa2   Federal Digital System (FDsys) Independent Verification and Validation -\n       Eleventh Quarter Report on Risk Management, Issues, and Traceability\n       (Assessment Report 10-07, June 18,2010). This assessment continued the\n       ongoing independent verification and validation (IV & V) evaluation\n       associated with the development ofFDsys. The evaluation provides\n       quarterly observations and recommendations on the FDsys program\'s\n       technical, schedule, and cost risks, as well as related issues. This IV& V\n       did not identify any new technical, cost, or schedule risks. The report\n       discusses issues and concerns addressed in previous qUaIierly reports.\n\n   \xe2\x80\xa2   Federal Digital System (FDsys) Independent Verification and Validation -\n       Twelfth Quarter Report on Risk Management, Issues, and Traceability\n       (Assessment Report 10-08, September 16, 2010). This evaluation also did\n       not identify any new technical, cost, or schedule risks, and did not include\n       any new recommendations. However, the evaluation discusses a number\n       of issues wOlih noting as GPO implements the remaining efforts to\n       complete Release 1 of FDsys.\n\x0cThe Honorable Charles E. Schumer - Page 12\n\n\n   \xe2\x80\xa2    Web Trust Assessment o/GPO\'s Public Key In}i\'astructure Certification\n       Authority - Attestation Report (Assessment Report 10-09, September\n       2010). This was an annual compliance review of GPO\'s Public Key\n       Infrastructure Certification Authority. The assessment resulted in an\n       attestation repOli expressing its unqualified opinion that management\'s\n       assertion related to the adequacy and effectiveness of controls over its\n       certification authority operations was, in all material respects, fairly stated\n       based on the American Institute of Certified Public Accountants Web Trust\n       for Certification Authority Criteria.\n\n   In addition, the OIG serves as the Contracting Officer\'s Technical\n   Representative for the audit of GPO\'s FY 2010 financial statements, which\n   was begun by KPMG during the reporting period. Title 44, U.S.C., requires\n   that GPO obtain an annual audit of its financial statements. The audit of\n   GPO\'s FY 2009 financial statements was conducted by KPMG. KPMG\n   issued an unqualified opinion on the statements, asserting that they were fairly\n   presented, in all material respects, and in conformity with generally. accepted\n   accounting principles. KPMG identified 2 significant deficiencies: financial\n   reporting controls and information technology general and application\n   controls. As the OIG;s Semiannual Report for the period October 1, 2009,\n   through March 31, 2010, noted, KPMG made recommendations for each\n   condition; management concurred with those recommendations and has either\n   planned or initiated responsive corrective action.\n\n   Prior Period Outstanding Recommendations. As required by law, this\n   section summarizes management\'s actions to address OIG recommendations\n   still outstanding from previous reporting periods:\n\n   \xe2\x80\xa2   GPO Network Vulnerability Assessment (Assessment Report 06-02, March\n       28, 2006). One recommendation made in this report remains open.\n\n   \xe2\x80\xa2   Assessment o/GPO\'s Transition Planning/or Internet Protocol Version 6\n       (IPv6) (Assessment Report 08-12, September 30, 2008). One\n       recommendation remains open pending completion of GPO\'s ongoing\n       infrastruchlre refresh.\n\n  \xe2\x80\xa2    Federal Digital System (FDsys) Independent Verification and Validation\n       (IV& V) - Fourth Quarter Report on Risk Managemellt, Issues, and\n       Traceability (Assessment Report 09-01, November 4, 2008). Two\n       recommendations remain open.\n\x0cThe Honorable Charles E. Schumer - Page 13\n\n\n       \xe2\x80\xa2    Federal Digital System (FDsys) Independent Verification and Validation\n            (IV& V) - Fifth Quarter Report 011 Risk Management, Issues, and\n            Traceability (Assessment Report 09-03, December 24, 2008). Three\n            recommendations remain open.\n\n       \xe2\x80\xa2      Federal Digital System (FDsys) Independent Verification and Validation\n             ~(IV& V) - Sixth Quarter Report on Risk Management, Issues, and\n              Traceability (Assessment Report 09-07, March 20, 2009). Three\n           \'. recommendations remain open.\n\n       \xe2\x80\xa2    Federal Digital System (FDsys) Independent Verification and Validation\n            (IV& V) - Seventh Quarter Report on Risk Management, Issues, and\n            Traceability (Assessment Report 09-12, September 30,2009). At the end\n            of the reporting period, 17 recommendations remain open.\n\n       \xe2\x80\xa2    Federal Digital System (FDsys) Independent Verification and Validation\n            (IV& V) - Ninth Quarter Report on Risk Management, Issues, and\n            Traceability (Assessment Report 10-01, December 2, 2009). Four\n            recommendations remain open.\n\n       \xe2\x80\xa2    GPO\'s Compliance with the Federal Information Security Management\n            Act (Assessment Report 10-03, January 12,2010). As the OIG report\n            states, management continues to work with the OIG to implement\n            corrective actions on the remaining 14 open recommendations.\n\n      \xe2\x80\xa2     Federal Digital System (FDsys) Independent Verification and Validation\n            (IV& V) - Tenth Quarter Report on Risk Management, Issues, and\n            Traceability (Assessment Report 10-05, March 24,2010). Three\n            recommendations remain open.\n\n   III. Investigations. During the repoliing period, the OIG performed investigative\n       work on procurement fraud, workers\' compensation fraud, employee\n       misconduct, and other matters including theft, illegal hacking, or other\n        matters, as detailed in the OIG\'s report. In some cases this work resulted in\n       evaluation for possible civil or criminal action by the Justice Department, and\n        in others in proposals for GPO internal corrective action. These activities\n       demonstrated the value of OIG investigators in protecting GPO from waste,\n       fraud, and abuse.\n\n   IV. Statistical Tables.\n\n      Statistical tables as required by law are enclosed.\n\x0cThe Honorable Charles E. Schumer - Page 14\n\n\nIf you need additional information with respect to this report, please do not\nhesitate to contact Mr. Andrew M. Sherman, Director of Congressional Relations,\non 202-512-1991, or bye-mail at asherman@gpo.gov.\n\nSincerely,\n\n\n\n\nROBERT C. TAPELLA\nPublic Printer\n\nEnclosures\n\ncc:    The Honorable Robert Brady, Vice Chairman\n       The Honorable Dan Lungren, Ranking Minority Member\n       The Honorable Patty Murray\n       The Honorable Tom Udall\n       The Honorable Robert Bennett\n       The Honorable Saxby Chambliss\n       The Honorable Michael Capuano\n       The Honorable Susan A. Davis\n       The Honorable Kevin McCarthy\n\x0cENCLOSUREl\n\n                   STATISTICAL TABLE FOR SECTION 5(b)(2) - DISALLOWED COSTS\n\n                                                          Number of       Disallowed Costs\n                                                         Audit Re~orts Questioned U nsuQQorted\nA.      Audit reports for which final action I had\n        not been taken by the commencement\n        of the reporting period                                 0               0            0\n\n        Audit reports issUed during the period\n        with potential disallowed costs                         0               0            0\n\n        Total Costs                                             0               0            0\n\nB.      Audit repoi\xc2\xb7ts on which management\n        decisions\' were made during the\n        reporting period\n\n        ( i.)    Dollar value of disallowed costs              0            0               0\n\n        (ii.)    Dollar value of allowed costs                 0            0               0\n\nC.      Audit reports for which final action\n        was taken during the period, including:\n\n        ( i.)    Dollar value of disallowed costs               0           0                0\n                 that were recovered by management\n                 through offsets against other\n                 contractor invoices or nonpayment\n\n        (i i.)   Dollar value of disallowed costs               0           0               0\n                 that were written offby management\n\nD.      Audit reports for which no final                        0           0               0\n        action has been taken by the end\n        of the reporting period\n\n\n\n\nI As dell ned by law, the term "final action" means the completion of all actions that the management of\nan establishment has concluded, in its management decision, are necessary with respect to the findings\nand recommendations included in an audit report, and in the event that the management concludes no\naction is necessary, final action occurs when a management decision has been made.\n2 As defined by law, the term "management decision" means the evaluation by management of the\nfindings ancl recommendations included in an audit report and the issuance of a final decision by\nmanagement concerning its response to such findings and recommendations, including actions concluded\nto be necessary.\n\x0cENCLOSURE II\n\n\n     STATISTICAL TABLE FOR SECTION 5(b)(3) -FUNDS PUT TO BETTER USE\n                 AGREED TO IN A MANAGEMENT DECISION\n\n                                                        Number of        Dollar Value of\n                                                        Audit Rel20lis   Recommendations\nA.      Audit repotis for which final action 3 had\n        not been taken~by the commencement of\n        the reporting period                                    0                   0\n\n        Audit repOlis for which final action had\n        not been taken for new reports issued\n        during the reporting period with potential\n        funds put to better use\n                                                               0                    0\nB.      Audit reports on which management\n        decisions4 were made during the reporting\n        period                                                 0                    0\n\nC.      Audit repotis for which final action was\n        taken during the reporting, including:\n\n        ( i.)    Dollar value of recommendations\n                 that were actually completed                  0                    0\n\n        (ii. )   Dollar value of recommendations\n                 that management has subsequently\n                 concluded should not or could not\n                 be implemented or completed                   0                    0\n\nD.      Audit repotis for which no final action has\n        been taken by the end of the reporting period          0                    0\n\n\n\n\n3 Same definition as in Enclosure L\n" Same definition as in Enclosure L\n\x0c'